This is no joke â chap seems to have cracked Amazonâs latest toy

Video The security of Amazon.comâs âKeyâ door lock has again been called into question.

The Key is an electrified lock designed to be disabled using a one-time code, a facility that makes it possible for delivery workers to drop stuff off at Amazon Prime membersâ homes or businesses. Prime members receive the gear they ordered from Amazon without having to hang around all day, Amazon gets sales it might not otherwise have made and delivery staff get recorded by a WiFi-connected video camera to make sure they donât steal the family silver.

The devices have already been shown to have one nasty flaw when Rhino Security Labs found a way to flood the camera with junk packets to stop it recording.

Now a hacker has demonstrated another attack on the Key. As shown in the Twitter video below, the attack allows access to doors âlockedâ by the key even after a delivery workerâs one-time code has been burned.

I call this the “Break & Enter dropbox” and it pairs well with my Amazon Key (smartlock & smartcam combo).

It’s all current software. Amazon downplayed the last attack on this product because it needed an evil delivery driver to execute. This doesn’t. pic.twitter.com/35krz46Kab

Itâs unclear exactly how the exploit worked, but we can see it relied upon a âdropboxâ â a computer of some sort with Wi-Fi connectivity that is able to control the Key. The dropbox can both unlock the Key or somehow leave Amazonâs device incapable of recognising itâs time to lock itself again.

The Register has contacted Amazon and âMGâ, the source of the demo, for more information and will update this story if any comes to hand. Â®